Data security is of vital importance in today's computer based society. A variety of encryption techniques are available to protect data from unwanted access. Specifically, key encryption techniques provide a significant level of security. Only persons with the proper key can decrypt the stored information and use the data. However, these techniques require that the encryption key be guarded carefully.
Split key systems help insure key secrecy. In split key systems an encryption key variable is used to encrypt the data. The key is then split, reduced, or otherwise manipulated, into independent portions called splits, and the original key is then destroyed. The action of splitting a key is referred to as reducing herein to avoid confusion with the end result of reduction (i.e. splits). A key may be reduced through any of a variety of mathematical operations which render the resulting splits virtually useless apart from one another but which allow the splits to be combined to recreate the original key.
In a split key system, one split is stored in host equipment, typically a large computer, and the other split is stored elsewhere, such as in a removable and portable device. The portable device and host equipment need to be brought together to decrypt the data because neither the host nor the portable device has the key information necessary to decrypt the data on its own. When the portable device and the host equipment are combined, the key can be regenerated from the splits, the stored information may be decrypted, and operations that use the encrypted data may be performed.
Some types of equipment grant access to multiple portable devices. This is accomplished by having the host equipment contain a number of different splits of the key. Any portable device having an appropriate split to match one of the host splits can then be used to access the encrypted data. Likewise, some portable devices store multiple splits, allowing them to be used to access separate databases stored on different host equipment.
It would be desirable if a portable device stored the encrypted data in addition to a split, and it would be further desirable if the portable device could perform encryption and decryption processing. For example, the encrypted data might be stored on a removable, portable device, such as a laptop computer, PCMCIA card, secure telephone access key, or other portable computing device. This would allow the data to be taken and used at various different hosts.
However, this arrangement poses a security problem. The number of hosts that can be used are limited to those that have been prearranged to include an appropriate split for creating an encryption key. Otherwise, a new host might have no way to access the decrypted data. A new host is a host that does not already contain a proper host key split of the encryption key.
An appropriate host split could be transferred to the new host, but this unfortunately entails a great security risk. If an attacker intercepted the host split, the attacker could then access the data stored on the portable device. To set up a new host, a secure channel might transmit an appropriate split to the new host. Unfortunately, the secure channel requirement severely limits the number of hosts that can be established for accessing the portable device's encrypted data. This is a significant drawback for situations that require encrypted data be available upon a multitude of hosts. Moreover, in some situations the portable device may be used to establish a secure channel. Consequently, the secure channel will not already be established when the new host split needs to be transmitted to the new host.